Friday, December 25, 2015

Setup HTTPS / SSL for Apache server

This post shows how to set up HTTPS (Hypertext Transfer Protocol Secure) / SSL (Secure Sockets Layer) for an Apache server on a Raspberry Pi.

1. Raspberry Pi Requirements:

Apache HTTP server installed

Custom domain name configured for Raspberry Pi's IP address on a Mac or Raspberry Pi.

You should have an HTTP server working like this:




2. Install OpenSSL, or confirm that it is already installed, with this command:

sudo apt-get install openssl



3. Create certificate and key files:

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

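where -x509 makes the command output a self-signed certificate in the X.509 standard format instead of a certificate request, -nodes stores the private key without a passphrase, and rsa:2048 generates a new 2048-bit RSA key. Because the key file is unencrypted, its file permissions are the only thing protecting it.

You may replace 365 with 1095 for a longer validity period of three years.

Enter the names of your country, state / province, locality, organization, organizational unit and common name as well as your email address. The common name should be the custom domain name you will type in the browser.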


4. Create a symbolic link:


sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

5. Edit the SSL configuration file:

sudo nano /etc/apache2/sites-enabled/000-default-ssl

Press Ctrl+W to search for "SSLCer" and make sure this line is present:

SSLEngine on

and modify these file paths:

SSLCertificateFile    /etc/apache2/ssl/server.crt

SSLCertificateKeyFile /etc/apache2/ssl/server.key



6. Restart the Apache server:

sudo service apache2 restart

or

sudo /etc/init.d/apache2 restart


7. Open a browser on a computer. This example uses Firefox on a Mac. Enter the HTTPS version of your custom domain name. The message "This Connection is Untrusted" is shown because the certificate is self-signed rather than issued by a certificate authority that the browser trusts (we did not pay for an SSL certificate).

Select Add Exception.



Select Confirm Security Exception.

Now a secure lock is shown at the left of the URL.

This also works with PHP.
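
As an added example (not part of the original post), the shell function below checks the file edited in step 5 before the restart in step 6: the file is not empty, SSLEngine is on, both certificate paths exist, and the unencrypted key from step 3 is not accessible to group or other. The helper names directive, check_ssl_vhost and make_demo_vhost, and the demo files, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check the SSL vhost file from step 5 before restarting Apache.
# directive, check_ssl_vhost and make_demo_vhost are hypothetical helper names.

directive() {  # usage: directive NAME FILE -> first argument of that directive
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

check_ssl_vhost() {  # usage: check_ssl_vhost FILE -> prints findings, returns 1 on any FAIL
    conf=$1; rc=0
    if [ ! -s "$conf" ]; then
        echo "FAIL: $conf is missing or empty (check the symlink from step 4)"; return 1
    fi
    case $conf in
        *.conf) ;;
        *) echo "WARN: $conf lacks .conf; Debian's Apache 2.4 only loads sites-enabled/*.conf" ;;
    esac
    engine=$(directive SSLEngine "$conf")
    case $engine in
        [Oo][Nn]) ;;
        *) echo "FAIL: SSLEngine is '${engine:-unset}', expected on"; rc=1 ;;
    esac
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(directive "$d" "$conf")
        if [ -z "$path" ]; then
            echo "FAIL: $d is not set"; rc=1
        elif [ ! -f "$path" ]; then
            echo "FAIL: $d points to $path, which does not exist"; rc=1
        elif [ "$d" = SSLCertificateKeyFile ]; then
            # -nodes in step 3 leaves the key unencrypted: file mode is its only protection.
            perms=$(ls -ldL "$path" | cut -c5-10)
            [ "$perms" = "------" ] || { echo "FAIL: $path is open to group/other; chmod 600"; rc=1; }
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

make_demo_vhost() {  # usage: make_demo_vhost DIR -> writes a constructed vhost plus empty cert/key
    : > "$1/server.crt"; : > "$1/server.key"; chmod 600 "$1/server.key"
    printf '%s\n' '<VirtualHost _default_:443>' '  SSLEngine on' \
        "  SSLCertificateFile    $1/server.crt" \
        "  SSLCertificateKeyFile $1/server.key" '</VirtualHost>' > "$1/000-default-ssl.conf"
}

# Constructed demo in a throwaway directory; on the Pi, pass the real file from step 5.
demo=$(mktemp -d)
make_demo_vhost "$demo"
check_ssl_vhost "$demo/000-default-ssl.conf"
rm -rf "$demo"
```

The check reads only the vhost file and the files it points to; it does not verify that the ssl module is enabled, which the comments on this post address with sudo a2enmod ssl.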

Reference:

Enable SSL for apache server in 5 minutes

6 comments:

  1. All ok ... but I need to use "sudo a2enmod ssl" :)

  2. Sadly didn't work. Did everything you told, tried connecting with a port redirection to port 443 (as I presume it should be by default?), and it says "impossible to connect". I can still connect to port 80 but non encrypted ofc.

    Replies
    1. The instructions missed an additional step:
      sudo a2enmod ssl

      Then you need to restart the service as in step 6.

  3. Brother, thank you for this, but my file: sudo nano /etc/apache2/sites-enabled/000-default-ssl is empty, so kindly help. Thanks.

    Replies
    1. This is a very late response, I know. But I had the same issue. What worked for me was making sure to first remove the empty 000-default-ssl file, then redo the ln command but with the .conf extension:
      sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf
